RSA Wrap-Up: Feds Push Greater Security Awareness

The heavyweight lineup of government representatives at last week's RSA Conference raised many questions -- but offered few answers -- about how best to fight cybercrime.

During his presentation at the conference, White House Cybersecurity Coordinator Howard Schmidt ran through a laundry list of "near-term" cybersecurity actions being planned by the Obama administration. Schmidt announced that the updated federal guidance for the somewhat controversial Comprehensive National Cybersecurity Initiative (CNCI) was now available on the Web, which drew some applause.

"There have been questions about the CNCI," Schmidt said. "And we're providing answers."

The CNCI was originally developed by the Bush administration, and has been revised by the Obama administration to improve the security of U.S. government networks through more active and comprehensive monitoring.

Homeland Security Secretary Janet Napolitano also made an appearance at the conference. During her keynote, Napolitano issued a call for public awareness and new ideas in the fight against cybercrime, and unveiled a contest to back it up. The aim of the National Cybersecurity Awareness Campaign Challenge is to gather ideas for how best to discuss cybersecurity with the American public. Participants have until April 30 to submit ideas, and the winners will get a chance to go to Washington, D.C. and work with Napolitano's department to lead the awareness campaign, which will kick off Cybersecurity Awareness Month in October.

Napolitano likened the public outreach program in scale to early anti-smoking and forest fire-awareness campaigns.

"We are challenging our nation's best and brightest to utilize their expertise and creativity to devise new ways to engage the public in the shared responsibility of safeguarding our cyber resources and information," she said.

Napolitano emphasized the urgency of the cybersecurity threat and called on the security industry to "do more and do it faster." But education, she added, is the key.

"I can't stress enough that secure cyber-enforcement is as much about people's habits as it is about machines," she said. "The most elegant technological solution will ultimately fail unless it has support from professionals and [people] who understand how to stay safe online."

Later in the conference, FBI Director Robert Mueller added to Napolitano's call to arms, encouraging cybersecurity experts interested in joining the FBI "to serve their country." He also echoed Napolitano's admonition to the private sector to cooperate with government agencies in the fight against cybercrime by reporting network security breaches. Cybercrime investigation is often perceived as potentially disruptive to an enterprise, so companies may be reluctant to report breaches. Mueller told his audience that his agency is committed to minimizing such disruptions during "the investigative process."

"We in the FBI understand that you have practical concerns about reporting breaches of security," he said. "You may think this will harm your competitive advantage. We do not want you to feel victimized a second time. We will minimize the disruption to your business. We will seek, when necessary, protective orders to protect business secrets and confidentiality."

But he added that high-profile investigations of cybercrime are not the norm. "For every investigation in the news, there are hundreds that never make the headlines," he said. "Disclosure is the exception, not the rule."